glite-APEL

lcgmon01

This machine runs our APEL publishing.

The link to the glite-package is here
This install refers to glite-APEL 3.2.5-0.sl5.
It closely follows these instructions: glite-APEL.

(1) Get repositories and install software (see also a note on mysql below)
cd /etc/yum.repos.d
wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/lcg-CA.repo
wget http://grid-deployment.web.cern.ch/grid-deployment/glite/repos/3.2/glite-APEL.repo
yum install lcg-CA
yum install glite-APEL

(2) Configure via yaim
It's a very short siteinfo.def (and no, the passwords are not real):

MYSQL_PASSWORD=myverysecretpasswd
APEL_DB_PASSWORD=mysecretpasswd
CE_HOST=ceprod03.grid.hep.ph.ic.ac.uk
MON_HOST=lcgmon01.grid.hep.ph.ic.ac.uk
SITE_NAME=UKI-LT2-IC-HEP
APEL_PUBLISH_USER_DN=yes

Note that you need to rerun yaim several times, once for each CE you have (I have 3 :-)

(3) Backup old (glite-MON database) and import into new database
(Or why can I back up a 5GB database in a 0.5 GB gzipped file ?)
on lcgmon00 (old machine):
mysqldump -u accounting -p accounting | gzip > mon_backup.sql.gz
on lcgmon01 (new machine, the file is now unzipped):
mysql -u accounting -p accounting < /vols/grid/mon_backup.sql

(4) Register node in GOCDB
If yours is a UK node with the silly email address in the hostcert subject, you'll probably have to file a GGUS ticket. Like this one.

(5) Point you CEs to the new machine
Make sure the ports are open (on lcgmon01):
# ceprod03
-A RH-Firewall-1-INPUT -s 146.179.246.40 -p tcp -m tcp --dport 3306 -j ACCEPT
etc

(6) Adding a new CE
mysql --pass="myverysecretpasswd" --exec "grant all on accounting.* to 'accounting'@'cetest00.grid.hep.ph.ic.ac.uk' identified by 'mysecretpasswd'"
Update iptables:
# cetest00
-A RH-Firewall-1-INPUT -s 146.179.247.30 -p tcp -m tcp --dport 3306 -j ACCEPT
/etc/init.d/iptables restart

A note on mysql
Or: Am I the only one who ever admits to not getting it right in the first go ?
On the first go at yaim, it complained:
INFO: Now updating the CRLs - this may take a few minutes...
WARNING: /opt/glite/libexec/fetch-crl.sh didn't finish successfully
WARNING: CRLs may not be updated, please have a look !
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)'
Check that mysqld is running and that the socket: '/var/lib/mysql/mysql.sock' exists!
ERROR 2002 (HY000): Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock' (2)

A closer look revealed that mysql-server was indeed missing:
yum install mysql-server

next try:
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: YES)'
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

OK, set password:
/usr/bin/mysqladmin -u root -h lcgmon01.grid.hep.ph.ic.ac.uk password '[the MYSQL_PASSWORD password that's in siteinfo.def]'

still no change... re-reading the manual (oh dear), I do (including the ' and '):
/usr/bin/mysqladmin -u root password '[the MYSQL_PASSWORD password that's in siteinfo.def]'

mysql -u root -p
[the MYSQL_PASSWORD password that's in siteinfo.def]
now works.
Woohoo.